Everything you want to know about Visual Studio ALM and Farming
Brian Harry is a Microsoft Technical Fellow working as the Product Unit Manager for Team Foundation Server. Learn more about Brian.
More videos »
This week we are deploying our sprint 65 work. You can read the release notes here: http://www.visualstudio.com/news/2014-may-20-vso
The really big news is that we’ve completed the next step in the journey to fully supporting Active Directory integration through Azure Active Directory. You can now create a new VS Online account through any of the paths we offer and connect the new account to Azure Active Directory in the process. The news post has a bunch more detail, tutorials, etc.
This has been one of the top service requests for a while now. In fact, there are two highly voted Uservoice items related to it that we’ve partially addressed.
There’s actually a ton more work that we’ve had to do to get to this point than you might imagine. It’s not just about hooking up another authentication provider. We’ve tried to make the whole scenario work well. For instance.
There have been tons of edges like these that we’ve had to deal with. The whole process has given me a renewed appreciation for how much more complicated identity is than you would, at first, imagine.
As I said, this is a step on the journey. There’s lots you can’t do yet. By far the biggest and most important one is that you can’t attach an existing VSO account to an AAD directory. You can only do it while creating a new account. Enabling attaching existing accounts is the next scenario on our list and, last I checked, we were estimating about 3 more sprints of work to get that done.
I know what you are thinking… How can I create a new account, move all my stuff over to the new account and keep working? Stop. Don’t go there. It’s complicated. If you just want to sync your source, create a new account and check it in – basically starting over, go ahead. But if you hope to preserve history, work items, tests, etc. Don’t. Just wait a few sprints and we’ll enable you to add AAD. Down the other path, you’ll pull out half your hair and probably be done about the time we introduce the feature anyway.
There are other things that still need to get done beyond that. For instance, once you can attach AAD to your VSO account, you will be able to add your Microsoft Accounts as external identities to your AAD and keep working. However, some of you, maybe most of you, would sure like to be able to move all of your work from your Microsoft Account to your linked on-premises AD identity – so for example, change firstname.lastname@example.org to email@example.com. We have yet more work to do to enable that and I don’t have a timeline but likely later this year. You will also want to be able to use your Active Directory groups to manage permissions (and other things) in VSO – also likely to happen later this year.
So, this is not the end but rather it is an important step.
As I said, I’ve found that identity is way more complicated than you’d expect and I’ve found that our current docs are not great at telling you everything you need to know. I’ve asked that we put together a one stop shop page that contains a good explanation, links to resources and an FAQ to really help people sort through it all and create a solution that works well for them. I’ll let you know as soon as we have it.
It’s an incredibly exciting step and I think once we get the next step (ability to support pre-existing VSO accounts), we’ll cover the most pressing needs. We’ll finish this out and start ramping up on the next most pressing requirement – process template customization.